(2006-07-15) Enlisting A DC For The Default App NCs After Promotion

As you may know, by default each W2K3 forest contains 1 application partition for DNS (ForestDNSZones.<ForestName>) and each W2K3 domain contains 1 application partition for DNS (DomainDNSZones.<DomainName>). When a server is freshly promoted to a DC, it might take a while before it receives the default application partitions. Of course you may ask why it might take a while…

When a server is promoted to a DC, a computer account (and other leaf objects) is created within the domain partition, and a server object and an NTDS Settings object are created within the configuration partition. These objects are created on the DC that is used as the source DC for the newly promoted DC. After the promotion has finished and the new DC has been rebooted, the DNS service on the new DC will try to enlist itself automatically for the default application partitions within the forest and within its own domain by contacting the Domain Naming Master FSMO. However, the Domain Naming Master FSMO will not enlist the new DC in the application partitions until it becomes aware of the new DC by means of normal Active Directory replication (the Domain Naming Master FSMO wants to have the server object and the NTDS Settings object before it enlists the newly promoted DC). So if a server is being promoted to a DC in some distant branch office and AD replication schedules are tightly configured (e.g. only after working hours or something similar), it might take some time before the Domain Naming Master FSMO becomes aware of the new DC. Forcing AD replication to the Domain Naming Master FSMO, together with some other steps, helps to speed this up. After the new DC has been enlisted, it still needs to inbound replicate the application partitions from a source DC.

The default period a DC tries to enlist for application partitions is 24 hours. This period is configurable through a registry change as shown below:

Check in the local replica of the DC hosting the Domain Naming Master FSMO whether the newly promoted DC is visible within the configuration container (server object, NTDS Settings object, connection objects)

Stop and start the DNS service on the newly promoted DC

Check if the newly promoted DC has enlisted for the application partitions on the Domain Naming Master FSMO (e.g. with DNSCMD <FQDN DNM FSMO> /DIRECTORYPARTITIONINFO)
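The three checks above as one script, added here as an example and not part of the original post. All host names, domain names and the wait interval are placeholders (assumptions). Besides the DNSCMD check, it reads the `msDS-NC-Replica-Locations` attribute on each partition's crossRef object, which is where Active Directory records the replicas of an application partition.

```powershell
# Added example. Run on the newly promoted DC as a domain administrator.
# All names below are placeholders (assumptions), not values from the post.
$NewDcName = 'NEWDC01'              # CN of the new DC's server object
$DnmFsmo   = 'dc01.example.com'     # DC holding the Domain Naming Master FSMO
$AppNcs    = 'DC=ForestDnsZones,DC=example,DC=com',
             'DC=DomainDnsZones,DC=branch,DC=example,DC=com'

function Find-One($BaseDn, $Filter, $Scope = 'Subtree') {
    # Bind to the FSMO holder explicitly so its local replica is what gets read.
    $s = New-Object System.DirectoryServices.DirectorySearcher
    $s.SearchRoot  = [ADSI]"LDAP://$DnmFsmo/$BaseDn"
    $s.Filter      = $Filter
    $s.SearchScope = $Scope
    $s.FindOne()
}

$rootDse  = [ADSI]"LDAP://$DnmFsmo/RootDSE"
$configNc = "$($rootDse.configurationNamingContext)"

# Step 1: has the server object and its NTDS Settings child replicated to the FSMO?
$server = Find-One "CN=Sites,$configNc" "(&(objectClass=server)(cn=$NewDcName))"
if (-not $server) { throw "Server object for $NewDcName not yet on $DnmFsmo." }
$serverDn = $server.Properties['distinguishedname'][0]
$ntds = Find-One $serverDn '(objectClass=nTDSDSA)' 'OneLevel'
if (-not $ntds) { throw "NTDS Settings object for $NewDcName not yet on $DnmFsmo." }
$ntdsDn = $ntds.Properties['distinguishedname'][0]

# Step 2: restart DNS locally so it retries enlistment now.
Restart-Service -Name DNS
Start-Sleep -Seconds 60             # wait interval is an assumption

# Step 3: is the new DC listed as a replica on each partition's crossRef?
foreach ($nc in $AppNcs) {
    $cr = Find-One "CN=Partitions,$configNc" "(&(objectClass=crossRef)(nCName=$nc))" 'OneLevel'
    $replicas = if ($cr) { @($cr.Properties['msds-nc-replica-locations']) } else { @() }
    '{0}: enlisted={1}' -f $nc, ($replicas -contains $ntdsDn)
}

# The DNSCMD check from the post, with the partition FQDN supplied (placeholder).
dnscmd $DnmFsmo /DirectoryPartitionInfo 'ForestDnsZones.example.com' /Detail
```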